Imagine that you need to enter a restricted area that's forbidden to you. What would you do? Snatching an ID card or key would make sense. Or maybe you could steal someone else’s clothes to con your way in. These tactics works in the digital world as well – they're called privilege escalation.
Privilege escalation is when hackers gain additional privileges that do not normally belong to them. They do this by abusing bugs, configuration flaws or design weak spots in an application or operating system. Depending on the privileges they gain, hackers can use them to access protected data and eventually do whatever they want on your system etc.
There are many techniques to implement such an attack. Most of them target particular operating systems and have specific mitigation techniques. We list some of the more common ones below.
Some operating systems use access tokens to determine the owner of a running process. The access token identifies the user, their privileges, and contains their session's security credentials. A hacker can trick the system and make a token to identify themselves as a legitimate user. By claiming a token, the hacker also gets all of the permissions associated with it. An attacker needs to already possess administrative rights to use this attack. They usually employ this method to elevate their privileges from the admin to the system level.
There are three ways to execute this technique:
Windows User Account Control manages privileges for users within a device. It protects devices from unwanted intrusions by automatically limiting the privileges of users unless an admin increases them. However, if UAC's settings are not set to the highest level, it can grant an application elevated privileges without notifying the user. Hackers can use these apps to gain administrative rights or inject malware.
Process injection is the technique of injecting code into an active process. The code might grant access to another process’s resources and, eventually, to its privileges. As the code is shielded behind a legitimate process, security systems will be less likely to spot it.
A hacker might implement privilege escalation attack by means of social engineering. They can implement it by sending a malicious file and convincing you to run it or injecting malware into your system hereby gaining your account privileges on impacted systems.
Windows Accessibility features can be launched with a key combination prior to logging into the operating system. A hacker might manage to modify accessibility settings without having to log in and create a backdoor entrance into the system.
To minimize privilege escalation vulnerabilities, consider the following measures:
To learn more about cybersecurity, subscribe to our monthly blog newsletter below!